CVE-2024-50298

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 19, 2024
Updated: Nov 27, 2024
CWE ID 476

Summary

CVE-2024-50298: In the Linux kernel, a null pointer dereference vulnerability was identified in the net: enetc driver. This issue arises due to the improper allocation of vf_state memory during PF probes. In some cases, net_device_ops::ndo_set_vf_mac() is called to configure a VF's MAC address before the VF is enabled, at which point vf_state is still a null pointer. This can result in a kernel panic or potentially allow an attacker to execute arbitrary code. The error log shows a NULL pointer dereference at virtual address 0x0; the root cause is enetc_pf_set_vf_mac() accessing an uninitialized vf_state pointer.
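The ordering problem described above, as an added user-space model that is not code from the enetc driver or from this advisory: per-VF state allocated only after VFs are enabled leaves the set-MAC callback with a null pointer, while allocating it at probe time for every possible VF does not. All names here (pf_model, vf_state_model, pf_probe_late_alloc, pf_probe_early_alloc, pf_set_vf_mac, pf_remove) are hypothetical, and the explicit null guard is this example's own defensive check.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAC_LEN 6

/* Hypothetical user-space model; not the enetc driver's real structures. */
struct vf_state_model { unsigned char mac[MAC_LEN]; int mac_set; };

struct pf_model {
    int total_vfs;                   /* VFs the device can expose */
    int num_vfs;                     /* VFs currently enabled */
    struct vf_state_model *vf_state; /* per-VF state array */
};

/* Flawed lifetime: per-VF state would only exist once VFs are enabled. */
int pf_probe_late_alloc(struct pf_model *pf, int total_vfs)
{
    pf->total_vfs = total_vfs;
    pf->num_vfs = 0;
    pf->vf_state = NULL;             /* callbacks can already run from here on */
    return 0;
}

/* Corrected lifetime: allocate state for every possible VF at probe time. */
int pf_probe_early_alloc(struct pf_model *pf, int total_vfs)
{
    pf->total_vfs = total_vfs;
    pf->num_vfs = 0;
    pf->vf_state = total_vfs ? calloc(total_vfs, sizeof(*pf->vf_state)) : NULL;
    return (total_vfs && !pf->vf_state) ? -ENOMEM : 0;
}

/* Set-MAC handler that validates its inputs before touching vf_state. */
int pf_set_vf_mac(struct pf_model *pf, int vf, const unsigned char *mac)
{
    if (vf < 0 || vf >= pf->total_vfs)
        return -EINVAL;
    if (!pf->vf_state)               /* without this guard: NULL dereference */
        return -EOPNOTSUPP;
    memcpy(pf->vf_state[vf].mac, mac, MAC_LEN);
    pf->vf_state[vf].mac_set = 1;
    return 0;
}

void pf_remove(struct pf_model *pf) { free(pf->vf_state); pf->vf_state = NULL; }
```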
